|
|
/*** HEAP.C
* * (C) Copyright Microsoft Corp., 1988-1994 * * Heap management * * If you are having trouble getting errors from this code, you might * want to try setting one of the following variables to non-zero: * * mmfErrorStop - enables stopping whenever there is an * error returned from a memory manager function * * hpfWalk - enables some verification of the entire heap when * coming into heap functions. Enabling heap walking * can dramatically slow down heap functions * but system-wide performance doesn't change too much. * * hpfParanoid - enables even more checking during heap walking * (hpfWalk must also be set) and enables heap walking * coming in and out of every heap call. * * hpfTrashStop - enables stopping in the debugger whenever * we detect a trashed heap block during hpfWalk * and it attempts to print the trashed address * * Origin: Chicago * * Change history: * * Date Who Description * --------- --------- ------------------------------------------------- * ?/91 BrianSm Created * 3/94 BrianSm Added heaps that can grow beyond initial max size * 6/94 BrianSm Decommit pages within free heap blocks */#ifdef WIN32
#include <EmulateHeap_kernel32.h>
#endif
#pragma hdrstop("kernel32.pch")
#ifndef WIN32
#include <basedef.h>
#include <winerror.h>
#include <vmmsys.h>
#include <mmlocal.h>
#include <sched.h>
#include <thrdsys.h>
#include <schedsys.h>
#include <schedc.h>
#include <heap.h>
#define pthCur pthcbCur
#define hpGetTID() (pthCur->thcb_ThreadId)
char INTERNAL hpfWalk = 1; /* enable some heap walking */
#ifdef HPDEBUG
#define dprintf(x) dprintf##x
#define DebugStop() mmFatalError(0)
#else
#define dprintf(x)
#endif
#define HeapFree(hheap, flags, lpMem) HPFree(hheap, lpMem)
#define HeapSize(hheap, flags, lpMem) HPSize(hheap, lpMem)
#define hpTakeSem(hheap, pblock, flags) hpTakeSem2(hheap, pblock)
#define hpClearSem(hheap, flags) hpClearSem2(hheap)
#else /* WIN32 */
#define pthCur (*pptdbCur)
#define hpGetTID() (pthCur ? (((struct tcb_s *)(pthCur->R0ThreadHandle))->TCB_ThreadId) : 0);
char mmfErrorStop = 1; /* enable stopping for all errors */char INTERNAL hpfWalk = 0; /* disable heap walking */
#ifdef HPMEASURE
BOOL PRIVATE hpMeasureItem(HHEAP hheap, unsigned uItem);#endif
#endif /* WIN32 */
#ifdef HPDEBUG
#define hpTrash(s) dprintf((s));dprintf((("\nheap handle=%x\n", hheap)));if (hpfTrashStop) DebugStop()
char INTERNAL hpfParanoid = 0; /* disable very strict walking */char INTERNAL hpfTrashStop = 1; /* enable stopping for trashed heap */char INTERNAL hpWalkCount = 0; /* keep count of times hpWalk called*/#endif
/***LD hpFreeSizes - the block sizes for the different free list heads
*/unsigned long hpFreeSizes[hpFREELISTHEADS] = {32, 128, 512, (ULONG)-1};
#ifndef WIN32
#pragma VMM_PAGEABLE_DATA_SEG
#pragma VxD_VMCREATE_CODE_SEG
#endif
#ifdef DEBUG
/***EP HeapSetFlags - set heap error flags
* * ENTRY: dwFlags - flags to change * dwFlagValues - new flag values * * EXIT: old values of the flags * (on RETAIL, this is a stub which returns -1) */#define HSF_MMFERRORSTOP 0x00000001
#define HSF_HPFPARANOID 0x00000002
#define HSF_VALIDMASK 0x00000003
DWORD APIENTRYHeapSetFlags( DWORD dwFlags, DWORD dwFlagValues){ DWORD dwOldFlagValues;
dwOldFlagValues = (mmfErrorStop ? HSF_MMFERRORSTOP : 0) | (hpfParanoid ? HSF_HPFPARANOID : 0);
if( dwFlags & ~HSF_VALIDMASK) { OutputDebugString( "HeapSetFlags: invalid flags, ignored\n"); return (DWORD)-1; // error
}
if( dwFlags & HSF_MMFERRORSTOP) { if( dwFlagValues & HSF_MMFERRORSTOP) mmfErrorStop = 1; else mmfErrorStop = 0; }
if( dwFlags & HSF_HPFPARANOID) { if( dwFlagValues & HSF_HPFPARANOID) { hpfTrashStop = 1; hpfWalk = 1; hpfParanoid = 1; } else { hpfParanoid = 0; } }
return dwOldFlagValues;}#endif
/***EP HPInit - initialize a memory block as a heap
* * ENTRY: hheap - heap handle for heap (same as pmem unless HP_INITSEGMENT) * pmem - pointer to chunk of memory (must be page aligned) * cbreserve - number of bytes reserved in block (must be PAGESIZE * multiple) * flags - HP_NOSERIALIZE: don't serialize heap operations * (if not, caller MUST serialize) * HP_EXCEPT: generate exceptions instead of errors * HP_GROWABLE: heap can grow infinitely beyond cbreserve * HP_LOCKED: commit pages as fixed to heap * HP_INITSEGMENT: initialize the block as an growable * heap segment * HP_GROWUP: waste last page in heap so heap allocs * will grow monotonically upwards from base * EXIT: handle to new heap or 0 if error. */HHEAP INTERNALHPInit(struct heapinfo_s *hheap, struct heapinfo_s *pmem, unsigned long cbreserve, unsigned long flags){ struct freelist_s *pfreelist; struct freelist_s *pfreelistend; unsigned *psizes; struct busyheap_s *pfakebusy; unsigned cbheader, cbmainfree;
mmAssert(((unsigned)pmem & PAGEMASK) == 0 && cbreserve != 0 && (cbreserve & PAGEMASK) == 0, "HPInit: invalid parameter\n");
/*
* Commit enough space at the beginning of the heap to hold a * heapinfo_s structure and a minimal free list. */ if (hpCommit((unsigned)pmem / PAGESIZE, (sizeof(struct heapinfo_s)+sizeof(struct freeheap_s)+PAGEMASK) / PAGESIZE, flags) == 0) { goto error; }
/*
* This next block of initialization stuff we only have to do if * we are creating a brand new heap, not just a heap segment. */ if ((flags & HP_INITSEGMENT) == 0) { cbheader = sizeof(struct heapinfo_s);
/*
* Fill in the heapinfo_s structure (per-heap information). */#ifdef WIN32
pmem->hi_procnext = 0;#endif
pmem->hi_psegnext = 0; pmem->hi_signature = HI_SIGNATURE; pmem->hi_flags = (unsigned char)flags;
#ifdef HPDEBUG
pmem->hi_cbreserve = cbreserve; /* this is also done below, here for sum */ pmem->hi_sum = hpSum(pmem, HI_CDWSUM); pmem->hi_eip = hpGetAllocator(); pmem->hi_tid = hpGetTID(); pmem->hi_thread = 0;#endif
/*
* If the caller requested that we serialize access to the heap, * create a critical section to do that. */ if ((flags & HP_NOSERIALIZE) == 0) { hpInitializeCriticalSection(pmem); }
/*
* Initialize the free list heads. * In the future we might want to have the user pass in the * size of the free lists he would like, but for now just copy * them from the static list hpFreeSizes. */ pfreelist = pmem->hi_freelist; pfreelistend = pfreelist + hpFREELISTHEADS; psizes = hpFreeSizes; for (; pfreelist < pfreelistend; ++pfreelist, ++psizes) { pfreelist->fl_cbmax = *psizes; hpSetFreeSize(&pfreelist->fl_header, 0); pfreelist->fl_header.fh_flink = &(pfreelist+1)->fl_header; pfreelist->fl_header.fh_blink = &(pfreelist-1)->fl_header;#ifdef HPDEBUG
pfreelist->fl_header.fh_signature = FH_SIGNATURE; pfreelist->fl_header.fh_sum = hpSum(&pfreelist->fl_header, FH_CDWSUM);#endif
}
/*
* Make the list circular by fusing the start and beginning */ pmem->hi_freelist[0].fl_header.fh_blink = &(pmem->hi_freelist[hpFREELISTHEADS - 1].fl_header); pmem->hi_freelist[hpFREELISTHEADS - 1].fl_header.fh_flink = &(pmem->hi_freelist[0].fl_header);#ifdef HPDEBUG
pmem->hi_freelist[0].fl_header.fh_sum = hpSum(&(pmem->hi_freelist[0].fl_header), FH_CDWSUM); pmem->hi_freelist[hpFREELISTHEADS - 1].fl_header.fh_sum = hpSum(&(pmem->hi_freelist[hpFREELISTHEADS - 1].fl_header), FH_CDWSUM);#endif
} else { cbheader = sizeof(struct heapseg_s); } pmem->hi_cbreserve = cbreserve;
/*
* Put a tiny busy heap header at the very end of the heap * so we can free the true last block and mark the following * block as HP_PREVFREE without worrying about falling off the * end of the heap. Give him a size of 0 so we can also use * him to terminate heap-walking functions. * We also might need to commit a page to hold the thing. */ pfakebusy = (struct busyheap_s *)((unsigned long)pmem + cbreserve) - 1; if (cbreserve > PAGESIZE) { if (hpCommit((unsigned)pfakebusy / PAGESIZE, (sizeof(struct busyheap_s) + PAGEMASK) / PAGESIZE, flags) == 0) { goto errordecommit; } } hpSetBusySize(pfakebusy, 0);#ifdef HPDEBUG
pfakebusy->bh_signature = BH_SIGNATURE; pfakebusy->bh_sum = hpSum(pfakebusy, BH_CDWSUM);#endif
/*
* Link the interior of the heap into the free list. * If we create one big free block, the page at the end of the heap will * be wasted because it will be committed (to hold the end sentinel) but * it will won't be touched for allocations until every other page in the * heap has been used. To avoid this, we create two free blocks, one for * main body of the heap and another block which has most of the last * page in it. We need to insert the last page first because hpFreeSub * looks at the following block to see if we need to coalesce. * The caller can force us to waste the last page by passing in HP_GROWUP. * It is used by some ring 3 components who would waste tiled selectors * if we had blocks being allocated from an outlying end page. */ if ((flags & HP_GROWUP) == 0 && cbreserve > PAGESIZE) { cbmainfree = cbreserve - cbheader - PAGESIZE + /* size of main block */ sizeof(struct freeheap_s *);
/*
* Put a little busy heap block at the front of the final page * to keep the final page from getting coalesced into the main free * block. */ pfakebusy = (struct busyheap_s *)((char *)pmem + cbmainfree + cbheader); hpSetBusySize(pfakebusy, sizeof(struct busyheap_s));#ifdef HPDEBUG
pfakebusy->bh_signature = BH_SIGNATURE; pfakebusy->bh_sum = hpSum(pfakebusy, BH_CDWSUM);#endif
/*
* Free the rest of the last page (minus the various little bits * we have taken out) */ hpFreeSub(hheap, pfakebusy + 1, PAGESIZE - /* entire page, less... */ sizeof(struct freeheap_s *) - /* back-pointer to prev free*/ sizeof(struct busyheap_s) - /* anti-coalescing busy block*/ sizeof(struct busyheap_s), /* end sentinel */ 0);
/*
* Otherwise, make the entirety of our heap between the end of the header * end the end sentinel into a free block. */ } else { cbmainfree = cbreserve - sizeof(struct busyheap_s) - cbheader; }
/*
* Now put the main body of the heap onto the free list */ hpFreeSub(hheap, (char *)pmem + cbheader, cbmainfree, 0);
#ifdef HPDEBUG
/*
* Verify the heap is ok. Note, a new heap segment will fail the test * until we hook it up properly in HPAlloc, so skip the check for them. */ if (hpfParanoid && hheap == pmem) { hpWalk(hheap); }#endif
/*
* Return a pointer to the start of the heap as the heap handle */ exit: return(pmem);
errordecommit: PageDecommit((unsigned)pmem / PAGESIZE, (sizeof(struct heapinfo_s)+sizeof(struct freeheap_s)+PAGEMASK) / PAGESIZE, PC_STATIC); error: pmem = 0; goto exit;}
#ifndef WIN32
/***EP HPClone - make a duplicate of an existing heap
* * This routine is used to create a new heap that has heap blocks * allocated and free in the same places as another heap. However, * the contents of the blocks will be zero-initialized, rather than * the same as the other heap. * * If this routine fails, it is the responsibility of the caller * to free up any memory that might have been committed (as well as * the original reserved object). * * ENTRY: hheap - handle to existing heap to duplicate * pmem - pointer to new memory block to turn into duplicate heap * (the address must be reserved and not committed) * EXIT: handle to new heap if success, else 0 if failure */HHEAP INTERNALHPClone(struct heapinfo_s *hheap, struct heapinfo_s *pmem){ struct freeheap_s *ph; struct freeheap_s *phend;#ifdef HPDEBUG
struct freeheap_s *phnew;#endif
/*
* We need to take the heap semaphore for the old heap so no one * changes its contents while we clone it (that could confuse the * walking code). */ if (hpTakeSem(hheap, 0, 0) == 0) { pmem = 0; goto exit; }
/*
* First call HPInit on the new block to get it a header */ if (HPInit(pmem, pmem, hheap->hi_cbreserve, (unsigned)hheap->hi_flags) == 0) { goto error; }
/*
* Ring 0 heaps are layed out in the following general areas: * * 1 heap header * 2 mix of allocated and free heap blocks * 3 giant free heap block (remains of initial free block) * 4 a single minimum size busy heap block * 5 mix of allocated and free heap blocks * 6 end sentinel * * The general method for cloning a heap is to walk the entire source * heap and allocate blocks on the new heap corresponding to all * the blocks on the source heap, busy or free. Then go back through * the source free list and free the corresponding blocks on the * new heap. You will then have two heaps with the same lay-out of * free and busy blocks. However, doing this will cause a huge overcommit * spike when block (3) gets allocated and then freed. To avoid this, * when allocating the blocks we first allocate the blocks from area (5) * then the blocks in (2) which will naturally leave us with a big * free block at (3) like there should be without causing a spike. * This scheme will only work if (3) is the last block on the free * list, otherwise the free list will not be in the correct order when * we are done. "phend" will be pointed to block (3) if it is * in the correct place for us to do our trick, otherwise we set it to (4). * "ph" will start just past (4). */ ph = (struct freeheap_s *)((char *)hheap + hheap->hi_cbreserve - PAGESIZE + sizeof(struct freeheap_s *) + sizeof(struct busyheap_s)); phend = hheap->hi_freelist[0].fl_header.fh_blink;
/*
* If the last block on the free list isn't just before (4) then * reset our variables as per comment above. */ if ((char *)phend + hpSize(phend)+sizeof(struct busyheap_s) != (char *)ph) { phend = (struct freeheap_s *)((char *)ph - sizeof(struct busyheap_s)); mmAssert(hpIsBusySignatureValid((struct busyheap_s *)ph) && hpSize(ph) == sizeof(struct busyheap_s), "HPClone: bad small busy block"); }
/*
* Now walk through the old heap and allocate corresponding blocks * on the new heap. First we allocate the blocks on the last page. */ for (; hpSize(ph) != 0; (char *)ph += hpSize(ph)) { if (HPAlloc(pmem,hpSize(ph)-sizeof(struct busyheap_s),HP_ZEROINIT)==0){ mmAssert(0, "HPClone: alloc off last page failed"); /* already committed */ } }
/*
* Then allocate the blocks in the first part of heap, except maybe * the big free block (3) if we are set up that way from above. */ ph = (struct freeheap_s *)(hheap + 1); for (; ph != phend; (char *)ph += hpSize(ph)) { if (HPAlloc(pmem, hpSize(ph) - sizeof(struct busyheap_s), HP_ZEROINIT) == 0) { goto error; } }
/*
* How go back through the heap and free up all the blocks that are * free on the old heap. We have to do this by walking the old * heap's free list backwards, so the free blocks are in the same * order on both heaps. */ ph = hheap->hi_freelist[0].fl_header.fh_blink; for (; ph != &(hheap->hi_freelist[0].fl_header); ph = ph->fh_blink) {
mmAssert(hpIsFreeSignatureValid(ph), "HPClone: bad block on free list");
/*
* Skip freeing any list heads and the "pfhbigfree" if we are * special casing him */ if (hpSize(ph) != 0 && ph != phend) { if (HPFree(pmem, (char *)pmem + sizeof(struct busyheap_s) + (unsigned long)ph - (unsigned long)hheap) == 0) { mmAssert(0, "HPClone: HPFree failed"); } } }
#ifdef HPDEBUG
/*
* Now let's verify that they really came out the same */ for (ph = (struct freeheap_s *)(hheap+1), phnew = (struct freeheap_s *)(pmem + 1); hpSize(ph) != 0; (char *)phnew += hpSize(ph), (char *)ph += hpSize(ph)) {
mmAssert(ph->fh_size == phnew->fh_size, "HPClone: mis-compare"); }#endif
clearsem: hpClearSem(hheap, 0);
exit: return(pmem);
error: pmem = 0; goto clearsem;}
#ifndef WIN32
#pragma VMM_PAGEABLE_DATA_SEG
#pragma VxD_W16_CODE_SEG
#endif
/***LP hpWhichHeap - figure out which Dos386 heap a pointer came from
* * ENTRY: p - pointer to heap block * EXIT: handle to appropriate heap or 0 if invalid address */HHEAP INTERNALhpWhichHeap(ULONG p){ struct heapseg_s *pseg;
/*
* Check the fixed heap first, because it is sadly the most commonly used */ pseg = (struct heapseg_s *)hFixedHeap; do { if (p > (ULONG)pseg && p < (ULONG)pseg + pseg->hs_cbreserve) { return(hFixedHeap); } pseg = pseg->hs_psegnext; } while (pseg != 0);
/*
* Then check the swappable heap */ pseg = (struct heapseg_s *)hSwapHeap; do { if (p > (ULONG)pseg && p < (ULONG)pseg + pseg->hs_cbreserve) { return(hSwapHeap); } pseg = pseg->hs_psegnext; } while (pseg != 0);
/*
* Finally the init heap. Note that the init heap isn't growable, so we * can just do a simple range check rather than the segment looping we * do for the other heaps. */ if (p > (ULONG)hInitHeap && p < InitHeapEnd) { return(hInitHeap); }
/*
* If we fall down to here, the address wasn't on any of the heaps */ mmError(ERROR_INVALID_ADDRESS, "hpWhichHeap: block not on heap"); return(0);}#endif
/***EP HeapFree or HPFree - free a heap block
* * Mark the passed in block as free and insert it on the appropriate * free list. * * ENTRY: hheap - pointer to base of heap * flags (ring 3 only) - HP_NOSERIALIZE * pblock - pointer to data of block to free (i.e., just past * busyheap_s structure) * EXIT: 0 if error (bad hheap or pblock) or 1 if success */#ifdef WIN32
BOOL APIENTRYHeapFreeInternal(HHEAP hheap, DWORD flags, LPSTR lpMem)#else
unsigned INTERNALHPFree(HHEAP hheap, void *lpMem)#endif
{ unsigned long cb; struct freeheap_s *pblock;
pblock = (struct freeheap_s *)((struct busyheap_s *)lpMem - 1); /* point to heap header */
if (hpTakeSem(hheap, pblock, flags) == 0) { return(0); } cb = hpSize(pblock); pblock->fh_size |= 0xf0000000;
#ifdef HPMEASURE
if (hheap->hi_flags & HP_MEASURE) { hpMeasureItem(hheap, cb | HPMEASURE_FREE); }#endif
/*
* If the previous block is free, coalesce with it. */ if (pblock->fh_size & HP_PREVFREE) { (unsigned)pblock = *((unsigned *)pblock - 1); /* point to prev block */ cb += hpSize(pblock);
/*
* Remove the previous block from the free list so we can re-insert * the combined block in the right place later */ hpRemove(pblock); }
/*
* Build a free header for the block and insert him on the appropriate * free list. This routine also marks the following block as HP_PREVFREE * and performs coalescing with the following block. */ hpFreeSub(hheap, pblock, cb, HP_DECOMMIT);
hpClearSem(hheap, flags); return(1);}
/***EP HPAlloc - allocate a heap block
* * ENTRY: hheap - pointer to base of heap * cb - size of block requested * flags - HP_ZEROINIT - zero initialize new block * EXIT: none */void * INTERNALHPAlloc(HHEAP hheap, unsigned long cb, unsigned long flags){ struct freelist_s *pfreelist; struct freeheap_s *pfh; struct freeheap_s *pfhend; struct heapseg_s *pseg; unsigned cbreserve;
/*
* Detect really big sizes here so that we don't have to worry about * rounding up big numbers to 0 */ if (cb > hpMAXALLOC) { mmError(ERROR_NOT_ENOUGH_MEMORY, "HPAlloc: request too big\n\r"); goto error; }
if (hpTakeSem(hheap, 0, flags) == 0) { goto error; } cb = hpRoundUp(cb);
#ifdef HPMEASURE
if (hheap->hi_flags & HP_MEASURE) { hpMeasureItem(hheap, cb); }#endif
restart: /*
* Find the first free list header that will contain a block big * enough to satisfy this allocation. * * NOTE: at the cost of heap fragmentation, we could change this * to allocate from the first free list that is guaranteed to * have a block big enough as its first entry. That would * cut down paging on swappable heaps. */ for (pfreelist=hheap->hi_freelist; cb > pfreelist->fl_cbmax; ++pfreelist) { }
/*
* Look for a block big enough for us on the list head returned. * Even if we follow the advice of the NOTE above and pick a list * that will definitely contain a block big enough for us we still * have to do this scan to pass by any free list heads in the * way (they have a size of 0, so we will never try to allocate them). * * We know we have reached the end of the free list when we get to * to the first free list head (since the list is circular). */ pfh = pfreelist->fl_header.fh_flink; pfhend = &(hheap->hi_freelist[0].fl_header); for (; pfh != pfhend; pfh = pfh->fh_flink) {
/*
* Did we find a block big enough to hold our request? */ if (hpSize(pfh) >= cb) {
/*
* At this point we have a block of free memory big enough to * use in pfh. */ { struct busyheap_s *pbh = (struct busyheap_s *)pfh;
if ((cb = hpCarve(hheap, pfh, cb, flags)) == 0) { goto errorclearsem; } hpSetBusySize(pbh, cb);#ifdef HPDEBUG
pbh->bh_signature = BH_SIGNATURE; pbh->bh_eip = hpGetAllocator(); pbh->bh_tid = hpGetTID(); pbh->bh_sum = hpSum(pbh, BH_CDWSUM);#endif
hpClearSem(hheap, flags); return(pbh + 1); } } }
/*
* If we fall out of the above loop, there are no blocks available * of the correct size. */
/*
* If the heap isn't there is nothing we can do but return error. */ if ((hheap->hi_flags & HP_GROWABLE) == 0) { mmError(ERROR_NOT_ENOUGH_MEMORY,"HPAlloc: not enough room on heap\n"); goto errorclearsem; }
/*
* The heap is growable but all the existing heap segments are full. * So reserve a new segment here. The "PAGESIZE*2" below will take care * of the header on the new segment and the special final page, leaving * a big enough free block for the actual request. */ cbreserve = max(((cb + PAGESIZE*2) & ~PAGEMASK), hpCBRESERVE);
if (((unsigned)pseg =#ifdef WIN32
PageReserve(((unsigned)hheap >= MINSHAREDLADDR) ? PR_SHARED : PR_PRIVATE, cbreserve / PAGESIZE, PR_STATIC)) == -1) {
mmError(ERROR_NOT_ENOUGH_MEMORY, "HPAlloc: reserve failed\n");#else
PageReserve(PR_SYSTEM, cbreserve / PAGESIZE, PR_STATIC | ((hheap->hi_flags & HP_LOCKED) ? PR_FIXED :0))) == -1) {#endif
goto errorclearsem; }
/*
* Initialize the new segment as a heap (including linking its initial * free block into the heap). */ if (HPInit(hheap, (HHEAP)pseg, cbreserve, hheap->hi_flags | HP_INITSEGMENT) == 0) { goto errorfree; }
/*
* Link the new heap segment onto the list of segments. */ pseg->hs_psegnext = hheap->hi_psegnext; hheap->hi_psegnext = pseg;
/*
* Now go back up to restart our search, we should find the new segment * to satisfy the request. */ goto restart;
/*
* Code below this comment is used only in the error path. */ errorfree: PageFree((unsigned)pseg, PR_STATIC);
errorclearsem: hpClearSem(hheap, flags);#ifdef WIN32
if ((flags | hheap->hi_flags) & HP_EXCEPT) { RaiseException(STATUS_NO_MEMORY, 0, 1, &cb); }#endif
error: return(0);}
/***EP HPReAlloc - reallocate a heap block
* * ENTRY: hheap - pointer to base of heap * pblock - pointer to data of block to reallocate * (just past the busyheap_s structure) * cb - new size requested (in bytes) * flags - HP_ZEROINIT - on grows, fill new area with 0s * HP_MOVEABLE - on grows, moving of block is allowed * HP_NOCOPY - don't preserve old block's contents * EXIT: pointer to reallocated block or 0 if failure */void * INTERNALHPReAlloc(HHEAP hheap, void *pblock, unsigned long cb, unsigned long flags){ void *pnew; unsigned oldsize; struct freeheap_s *pnext; struct busyheap_s *pbh;
/*
* Detect really big sizes here so that we don't have to worry about * rounding up big numbers to 0 */ if (cb > hpMAXALLOC) { mmError(ERROR_NOT_ENOUGH_MEMORY, "HPReAlloc: request too big\n\r"); goto error; }
pbh = (struct busyheap_s *)pblock - 1; /* point to heap block header */ if (hpTakeSem(hheap, pbh, flags) == 0) { goto error; } cb = hpRoundUp(cb); /* convert to heap block size */ oldsize = hpSize(pbh);
/*
* Is this a big enough shrink to cause us to carve off the end of * the block? */ if (cb + hpMINSIZE <= oldsize) { hpFreeSub(hheap, (char *)pbh + cb, oldsize - cb, HP_DECOMMIT); hpSetSize(pbh, cb);#ifdef HPDEBUG
pbh->bh_sum = hpSum(pbh, BH_CDWSUM);#endif
/*
* Is this a grow? */ } else if (cb > oldsize) { /*
* See if there is a next door free block big enough for us * grow into so we can realloc in place. */ pnext = (struct freeheap_s *)((char *)pbh + oldsize); if ((pnext->fh_size & HP_FREE) == 0 || hpSize(pnext) < cb - oldsize) { /*
* We have to move the object in order to grow it. * Make sure that is ok with the caller first. */ if (flags & HP_MOVEABLE) {#ifdef HPDEBUG
/*
* On a debug system, remember who allocated this memory * so we don't lose the info when we allocate the new block */ ULONG eip; USHORT tid;
eip = pbh->bh_eip; tid = pbh->bh_tid;#endif
/*
* The size we have computed in cb includes a heap header. * Remove that since our call to HPAlloc bellow will * also add on a header. */ cb -= sizeof(struct busyheap_s);
/*
* If the caller doesn't care about the contents of the * memory block, just allocate a new chunk and free old one */ if (flags & HP_NOCOPY) { HeapFree(hheap, HP_NOSERIALIZE, pblock); if ((pblock = HPAlloc(hheap, cb, flags | HP_NOSERIALIZE)) == 0) { dprintf(("HPReAlloc: HPAlloc failed 1\n")); goto errorclearsem; }
/*
* If the caller cares about his data, allocate a new * block and copy the old stuff into it */ } else {
if ((pnew = HPAlloc(hheap, cb, flags | HP_NOSERIALIZE))==0){ dprintf(("HPReAlloc: HPAlloc failed 2\n")); goto errorclearsem; } memcpy(pnew, pblock, oldsize - sizeof(struct busyheap_s)); HeapFree(hheap, HP_NOSERIALIZE, pblock); pblock = pnew; }
#ifdef HPDEBUG
/*
* Put back in the original owner */ pbh = (((struct busyheap_s *)pblock) - 1); pbh->bh_eip = eip; pbh->bh_tid = tid; pbh->bh_sum = hpSum(pbh, BH_CDWSUM);#endif
/*
* Moving of the block is not allowed. Return error. */ } else { mmError(ERROR_LOCKED,"HPReAlloc: fixed block\n"); goto errorclearsem; }
/*
* We can grow in place into the following block */ } else { if ((cb = hpCarve(hheap, pnext, cb - oldsize, flags)) == 0) { goto errorclearsem; } hpSetSize(pbh, oldsize + cb);#ifdef HPDEBUG
pbh->bh_sum = hpSum(pbh, BH_CDWSUM);#endif
}
/*
* This is place to put code for nop realloc if we ever have any. */ } else {
}
hpClearSem(hheap, flags); exit: return(pblock);
errorclearsem: hpClearSem(hheap, flags);
error: pblock = 0; goto exit;}
#ifndef WIN32
#pragma VMM_PAGEABLE_DATA_SEG
#pragma VxD_RARE_CODE_SEG
#endif
/***EP HeapSize or HPSize - return size of a busy heap block (less any header)
* * ENTRY: hheap - pointer to base of heap * flags (ring 3 only) - HP_NOSERIALIZE * pdata - pointer to heap block (just past busyheap_s struct) * EXIT: size of block in bytes, or 0 if error */#ifdef WIN32
DWORD APIENTRYHeapSize(HHEAP hheap, DWORD flags, LPSTR lpMem)#else
unsigned INTERNALHPSize(HHEAP hheap, void *lpMem)#endif
{ struct busyheap_s *pblock; unsigned long cb;
pblock = ((struct busyheap_s *)lpMem) - 1; /* point to heap block header*/
if (hpTakeSem(hheap, pblock, flags) == 0) { return(0); }
cb = hpSize(pblock) - sizeof(struct busyheap_s);
hpClearSem(hheap, flags); return(cb);}
#ifndef WIN32
#pragma VMM_PAGEABLE_DATA_SEG
#pragma VxD_W16_CODE_SEG
#endif
/***LP hpCarve - carve off a chunk from the top of a free block
* * This is a low level worker routine and several very specific * entry conditions must be true: * * The free block is valid. * The free block is at least as big as the chunk you want to carve. * The heap semaphore is taken. * * No header is created for the carved-off piece. * * ENTRY: hheap - pointer to base of heap * pfh - pointer to header of free block to carve from * cb - size of block to carve out * flags - HP_ZEROINIT * EXIT: count of bytes in carved off block (may differ from cb if * free block wasn't big enough to make a new free block from * its end) or 0 if error (out of memory on commit) */unsigned INTERNALhpCarve(HHEAP hheap, struct freeheap_s *pfh, unsigned cb, unsigned flags){ unsigned cbblock = hpSize(pfh); unsigned pgcommit, pgnextcommit, pglastcommit; unsigned fcommitzero;
/*
* For multi-page HP_ZEROINIT blocks, it would be nice to commit * zero-filled pages rather than use memset because then we wouldn't have * to make the new pages in the block present and dirty unless and until * the app really wanted to use them (saving on working set and page outs). * This could be a huge win if someone is allocating big objects. * However, we have the problem of what to do about a new partial page at * the end of a heap block. If we commit it as zero-filled, then we are * zeroing more than we have to (the part of the page not used for this * block). If we commit it un-initialized, then we have to make two * separate commit calls, one for the zero-filled pages and one for the * last page. Rather than spend the time of two commit calls and the logic * to figure out when to make them, we always commit zero-filled pages for * everything. Better to zero too much than too little by mistake. We * reduce the percentage cost of the mistake case by only doing this * optimization for large blocks. * Here we decide if the block is big enough to commit zero-filled pages. */ if ((flags & HP_ZEROINIT) && cb > 4*PAGESIZE) { fcommitzero = HP_ZEROINIT; } else { fcommitzero = 0; }
mmAssert(cbblock >= cb, "hpCarve: carving out too big a block\n"); mmAssert((pfh->fh_size & HP_FREE), "hpCarve: target not free\n");
/*
* Since pfh points to a valid free block header, we know we have * committed memory up through the end of the fh structure. However, * the page following the one containing the last byte of the fh * structure might not be committed. We set "pgcommit" to that * possibly uncommitted page. */ /*last byte in fh*/ /*next pg*/ /*its pg #*/ pgcommit = ((((unsigned)(pfh+1)) - 1 + PAGESIZE) / PAGESIZE);
/*
* pgnextcommit is the page number of the page just past this free block * that we know is already committed. Since free blocks have a * pointer back to the header in the last dword of the free block, * we know that the first byte of this dword is where we are guaranteed * to have committed memory. */ pgnextcommit = ((unsigned)pfh + cbblock - sizeof(struct freeheap_s *)) / PAGESIZE;
/*
* If the block we found is too big, carve off the end into * a new free block. */ if (cbblock >= cb + hpMINSIZE) {
/*
* We need to commit the memory for the new block we are allocating * plus enough space on the end for the following free block header * that hpFreeSub will make. The page number for that last page * we need to commit is pglastcommit. If we know that pglastcommit * is already committed because it sits on the same page as * the start of the next block (pgnextcommit), back it up one. */ pglastcommit = ((unsigned)pfh + cb + sizeof(struct freeheap_s) - 1) / PAGESIZE; if (pglastcommit == pgnextcommit) { pglastcommit--; } if (hpCommit(pgcommit, pglastcommit - pgcommit + 1, fcommitzero | hheap->hi_flags) == 0) { goto error; }
/*
* Remove the original free block from the free list. We need to do * this before the hpFreeSub below because it might trash our current * free links. */ hpRemove(pfh);
/*
* Link the portion we are not using onto the free list */ hpFreeSub(hheap, (struct freeheap_s *)((char *)pfh + cb), cbblock-cb,0);
/*
* We are using the whole free block for our purposes. */ } else { if (hpCommit(pgcommit, pgnextcommit - pgcommit, fcommitzero | hheap->hi_flags) == 0) { goto error; }
/*
* Remove the original free block from the free list. */ hpRemove(pfh);
/*
* Clear the PREVFREE bit from the next block since we are no longer * free. */ cb = cbblock; ((struct busyheap_s *)((char *)pfh + cb))->bh_size &= ~HP_PREVFREE;#ifdef HPDEBUG
((struct busyheap_s *)((char *)pfh + cb))->bh_sum = hpSum((struct busyheap_s *)((char *)pfh + cb), BH_CDWSUM);#endif
}
/*
* Zero-fill the block if requested and return */ if (flags & HP_ZEROINIT) { /*
* If fcommitzero is set, we have multi-page heap object with the * newly committed pages already set up to be zero-filled. * So we only have to memset the partial page at the start of the * block (up to the first page we committed) and maybe the partial * page at the end. */ if (fcommitzero) { memset(pfh, 0, (pgcommit * PAGESIZE) - (unsigned)pfh);
/*
* We have to zero the partial end page of this block if we didn't * commit the page freshly this time. */ if ((unsigned)pfh + cb > pgnextcommit * PAGESIZE) { memset((PVOID)(pgnextcommit * PAGESIZE), 0, (unsigned)pfh + cb - (pgnextcommit * PAGESIZE)); }
/*
* If the block fits on one page, just fill the whole thing */ } else { memset(pfh, 0, cb); }#ifdef HPDEBUG
} else { memset(pfh, 0xcc, cb);#endif
} exit: return(cb);
error: cb = 0; goto exit;}
/***LP hpCommit - commit new pages of the right type into the heap
* * The new pages aren't initialized in any way. * The pages getting committed must currently be uncommitted. * Negative values are allowed for the "npages" parameter, they * are treated the same as 0 (a nop). * * ENTRY: page - starting page number to commit * npages - number of pages to commit (may be negative or zero) * flags - HP_LOCKED: commit the new pages as fixed (otherwise * they will be swappable) * HP_ZEROINIT: commit the new pages as zero-initialized * EXIT: non-zero if success, else 0 if error */unsigned INTERNALhpCommit(unsigned page, int npages, unsigned flags){ unsigned rc = 1; /* assume success */
if (npages > 0) {#ifdef HPDEBUG
MEMORY_BASIC_INFORMATION mbi;
/*
* All the pages should be currently reserved but not committed * or else our math in hpCarve is off. */ PageQuery(page * PAGESIZE, &mbi, sizeof(mbi));#ifdef WIN32
mmAssert(mbi.State == MEM_RESERVE && mbi.RegionSize >= (unsigned)npages * PAGESIZE, "hpCommit: range not all reserved\n");#else
mmAssert(mbi.mbi_State == MEM_RESERVE && mbi.mbi_RegionSize >= (unsigned)npages * PAGESIZE, "hpCommit: range not all reserved");#endif
#endif
rc = PageCommit(page, npages, (#ifndef WIN32
(flags & HP_LOCKED) ? PD_FIXED :#endif
PD_NOINIT) - ((flags & HP_ZEROINIT) ? (PD_NOINIT - PD_ZEROINIT) : 0), 0,#ifndef WIN32
((flags & HP_LOCKED) ? PC_FIXED : 0) | PC_PRESENT |#endif
PC_STATIC | PC_USER | PC_WRITEABLE);#ifdef WIN32
if (rc == 0) { mmError(ERROR_NOT_ENOUGH_MEMORY, "hpCommit: commit failed\n"); }#endif
} return(rc);}
/***LP hpFreeSub - low level block free routine
* * This routine inserts a block of memory on the free list with no * checking for block validity. It handles coalescing with the * following block but not the previous one. The block must also * be big enough to hold a free header. The heap semaphore must * be taken already. Any existing header information is ignored and * overwritten. * * This routine also marks the following block as HP_PREVFREE. * * Enough memory must be committed at "pblock" to hold a free header and * a dword must committed at the very end of "pblock". Any whole pages * in between those areas will be decommitted by this routine. * * ENTRY: hheap - pointer to base of heap * pblock - pointer to memory block * cb - count of bytes in block * flags - HP_DECOMMIT: decommit pages entirely within heap block * (must be specified unless pages are known * to be already decommitted) * EXIT: none */void INTERNALhpFreeSub(HHEAP hheap, struct freeheap_s *pblock, unsigned cb, unsigned flags){ struct freelist_s *pfreelist; struct freeheap_s *pnext; struct freeheap_s *pfhprev; struct freeheap_s **ppnext; unsigned pgdecommit, pgdecommitmax; unsigned cbfree; int cpgdecommit;
mmAssert(cb >= hpMINSIZE, "hpFreeSub: bad param\n");
/*
* If the following block is free, coalesce with it. */ pnext = (struct freeheap_s *)((char *)pblock + cb); if (pnext->fh_size & HP_FREE) { cb += hpSize(pnext);
/*
* Remove the following block from the free list. We will insert * the combined block in the right place later. * Here we also set "pgdecommitmax" which is the page just past the * header of the following free block we are coalescing with. */ hpRemove(pnext); pgdecommitmax = ((unsigned)(pnext+1) + PAGEMASK) / PAGESIZE; pnext = (struct freeheap_s *)((char *)pblock + cb); /* recompute */
} else { pgdecommitmax = 0x100000; }
#ifdef HPDEBUG
/*
* In debug we fill the free block with here with the byte * 0xfe which happens to be nice invalid value either if excecuted * or referenced as a pointer. We only fill up through the first * page boundary because I don't want to deal with figuring out * which pages are committed and which not. */ memset(pblock, 0xfe, min(cb, (PAGESIZE - ((unsigned)pblock & PAGEMASK))));#endif
/*
* Decommit any whole pages within this free block. We need to be * careful not to decommit either part of our heap header for this block * or the back-pointer to the header we store at the end of the block. * It would be nice if we could double check our math by making sure * that all of the pages we are decommitting are currently committed * but we can't because we might be either carving off part of a currently * free block or we might be coalescing with other already free blocks. */ ppnext = (struct freeheap_s **)pnext - 1;
if (flags & HP_DECOMMIT) { /*last byte in fh*/ /*next pg*/ /*its pg #*/ pgdecommit = ((unsigned)(pblock+1) - 1 + PAGESIZE) / PAGESIZE;
/*
* This max statement will keep us from re-decommitting the pages * of any block we may have coalesced with above. */ pgdecommitmax = min(pgdecommitmax, ((unsigned)ppnext / PAGESIZE)); cpgdecommit = pgdecommitmax - pgdecommit; if (cpgdecommit > 0) {#ifdef HPDEBUG
unsigned tmp =#endif
PageDecommit(pgdecommit, cpgdecommit, PC_STATIC);#ifdef HPDEBUG
mmAssert(tmp != 0, "hpFreeSub: PageDecommit failed\n");#endif
}
#ifdef HPDEBUG
/*
* If the caller didn't specify HP_DECOMMIT verify that all the pages * are already decommitted. */ } else { pgdecommit = ((unsigned)(pblock+1) - 1 + PAGESIZE) / PAGESIZE; cpgdecommit = ((unsigned)ppnext / PAGESIZE) - pgdecommit; if (cpgdecommit > 0) { MEMORY_BASIC_INFORMATION mbi;
PageQuery(pgdecommit * PAGESIZE, &mbi, sizeof(mbi));#ifdef WIN32
mmAssert(mbi.State == MEM_RESERVE && mbi.RegionSize >= (unsigned)cpgdecommit * PAGESIZE, "hpFreeSub: range not all reserved\n");#else
mmAssert(mbi.mbi_State == MEM_RESERVE && mbi.mbi_RegionSize >= (unsigned)cpgdecommit * PAGESIZE, "hpFreeSub: range not all reserved");#endif /*WIN32*/
}#endif /*HPDEBUG*/
}
/*
* Point the last dword of the new free block to its header and * mark the following block as HP_PREVFREE; */ *ppnext = pblock; pnext->fh_size |= HP_PREVFREE;#ifdef HPDEBUG
((struct busyheap_s *)pnext)->bh_sum = hpSum(pnext, BH_CDWSUM);#endif
/*
* Find the appropriate free list to insert the block on. * The last free list node should have a size of -1 so don't * have to count to make sure we don't fall off the end of the list * heads. */ for (pfreelist=hheap->hi_freelist; cb > pfreelist->fl_cbmax; ++pfreelist) { }
/*
* Now walk starting from that list head and insert it into the list in * sorted order. */ pnext = &(pfreelist->fl_header); do { pfhprev = pnext; pnext = pfhprev->fh_flink; cbfree = hpSize(pnext); } while (cb > cbfree && cbfree != 0);
/*
* Insert the block on the free list just after the list head and * mark the header as free */ hpInsert(pblock, pfhprev); hpSetFreeSize(pblock, cb);#ifdef HPDEBUG
pblock->fh_signature = FH_SIGNATURE; pblock->fh_sum = hpSum(pblock, FH_CDWSUM);#endif
return;}
/***LP hpTakeSem - get exclusive access to a heap
* * This routine verifies that the passed in heap header is valid * and takes the semaphore for that heap (if HP_NOSERIALIZE wasn't * specified when the heap was created). Optionally, it will * also verify the validity of a busy heap block header. * * ENTRY: hheap - pointer to base of heap * pbh - pointer to busy heap block header (for validation) * or 0 if there is no block to verify * flags (ring 3 only) - HP_NOSERIALIZE * EXIT: 0 if error (bad heap or block header), else 1 */#ifdef WIN32
unsigned INTERNALhpTakeSem(HHEAP hheap, struct busyheap_s *pbh, unsigned htsflags)#else
unsigned INTERNALhpTakeSem2(HHEAP hheap, struct busyheap_s *pbh)#endif
{ struct heapseg_s *pseg;#ifdef HPDEBUG
unsigned cb;#endif
#ifndef WIN32
#define htsflags 0
mmAssert(!mmIsSwapping(), "hpTakeSem: heap operation attempted while swapping\n");#endif
#ifdef HPNOTTRUSTED
/*
* Verify the heap header. */ if (hheap->hi_signature != HI_SIGNATURE) { mmError(ERROR_INVALID_PARAMETER,"hpTakeSem: bad header\n"); goto error; }#else
pbh; /* dummy reference to keep compiler happy */ cb; /* dummy reference to keep compiler happy */#endif
/*
* Do the actual semaphore taking */ if (((htsflags | hheap->hi_flags) & HP_NOSERIALIZE) == 0) {#ifdef WIN32
EnterMustComplete();#endif
hpEnterCriticalSection(hheap); }
#ifndef WIN32
/*
* This is make sure that if we block while committing or decommitting * pages we will not get reentered. */ mmEnterPaging("hpTakeSem: bogus thcb_Paging");#endif
#ifdef HPNOTTRUSTED
/*
* If the caller wanted us to verify a heap block header, do so here. */ if (pbh) {
/*
* First check that the pointer is within the specified heap */ pseg = (struct heapseg_s *)hheap; do { if ((char *)pbh > (char *)pseg && (char *)pbh < (char *)pseg + pseg->hs_cbreserve) {
/*
* We found the segment containing the block. Validate that * it actually points to a heap block. */ if (!hpIsBusySignatureValid(pbh)#ifdef HPDEBUG
|| ((unsigned)pbh & hpGRANMASK) || (pbh->bh_size & HP_FREE) || (char *)pbh+(cb = hpSize(pbh)) > (char *)pseg+pseg->hs_cbreserve|| (int)cb < hpMINSIZE || pbh->bh_signature != BH_SIGNATURE#endif
) { goto badaddress; } else { goto pointerok; } } pseg = pseg->hs_psegnext; /* on to next heap segment */ } while (pseg);
/*
* If we fell out of loop, we couldn't find the heap block on this * heap. */ goto badaddress; }#endif
pointerok:
#ifdef HPDEBUG
/*
* Make sure that only one thread gets in the heap at a time */ if (hheap->hi_thread && hheap->hi_thread != (unsigned)pthCur) { dprintf(("WARNING: two threads are using heap %x at the same time.\n", hheap)); mmError(ERROR_BUSY, "hpTakeSem: re-entered\n\r"); goto clearsem; } hheap->hi_thread = (unsigned)pthCur;
/*
* Verify the heap is ok. If hpfParanoid isn't set, only walk the heap * every 4th time. */ if (hpfParanoid || (hpWalkCount++ & 0x03) == 0) { if (hpWalk(hheap) == 0) { mmError(ERROR_INVALID_PARAMETER,"Heap trashed outside of heap code -- someone wrote outside of their block!\n"); goto clearsem; } }#endif
return(1);
badaddress: mmError(ERROR_INVALID_PARAMETER,"hpTakeSem: invalid address passed to heap API\n"); goto clearsem; clearsem: hpClearSem(hheap, htsflags); error: return(0);}
/***LP hpClearSem - give up exclusive access to a heap
* * ENTRY: hheap - pointer to base of heap * flags (ring 3 only) - HP_NOSERIALIZE * EXIT: none */#ifdef WIN32
void INTERNALhpClearSem(HHEAP hheap, unsigned flags)#else
void INTERNALhpClearSem2(HHEAP hheap)#endif
{
/*
* Verify the heap is ok */#ifdef HPDEBUG
if (hpfParanoid) { hpWalk(hheap); } hheap->hi_thread = 0;#endif
#ifndef WIN32
mmExitPaging("hpClearSem: bogus thcb_Paging");#endif
/*
* Free the semaphore */ if (((#ifdef WIN32
flags |#endif
hheap->hi_flags) & HP_NOSERIALIZE) == 0) { hpLeaveCriticalSection(hheap); #ifdef WIN32
LeaveMustComplete();#endif
}}
#ifdef HPDEBUG
#ifndef WIN32
#pragma VMM_LOCKED_DATA_SEG
#pragma VMM_LOCKED_CODE_SEG
#endif
/***LP hpWalk - walk a heap to verify everthing is OK
* * This routine is "turned-on" if the hpfWalk flag is non-zero. * * If hpWalk is detecting an error, you might want to set * hpfTrashStop which enables stopping in the debugger whenever * we detect a trashed heap block and it attempts to print the * trashed address. * * ENTRY: hheap - pointer to base of heap * EXIT: 1 if the heap is OK, 0 if it is trashed */unsigned INTERNALhpWalk(HHEAP hheap){ struct heapseg_s *pseg; struct freeheap_s *pfh; struct freeheap_s *pend; struct freeheap_s *pstart; struct freeheap_s *pfhend; struct busyheap_s *pnext; struct freeheap_s *pprev; unsigned cbmax; unsigned cheads;
if (hpfWalk) { /*
* First make a sanity check of the header */ if (hheap->hi_signature != HI_SIGNATURE) { dprintf(("hpWalk: bad header signature\n")); hpTrash(("trashed at %x\n", &hheap->hi_signature)); goto error; } if (hheap->hi_sum != hpSum(hheap, HI_CDWSUM)) { dprintf(("hpWalk: bad header checksum\n")); hpTrash(("trashed between %x and %x\n", hheap, &hheap->hi_sum)); goto error; }
/*
* Walk through all the blocks and make sure we get to the end. * The last block in the heap should be a busy guy of size 0. */ (unsigned)pfh = (unsigned)hheap + sizeof(struct heapinfo_s); pseg = (struct heapseg_s *)hheap; for (;;) { pprev = pstart = pfh; (unsigned)pend = (unsigned)pseg + pseg->hs_cbreserve; for (;; (unsigned)pfh += hpSize(pfh)) {
if (pfh < pstart || pfh >= pend) { dprintf(("hpWalk: bad block address\n")); hpTrash(("trashed addr %x\n", pprev)); goto error; }
/*
* If the block is free... */ if (pfh->fh_signature == FH_SIGNATURE) {
if (pfh->fh_sum != hpSum(pfh, FH_CDWSUM)) { dprintf(("hpWalk: bad free block checksum\n")); hpTrash(("trashed addr between %x and %x\n", pfh, &pfh->fh_sum)); goto error; } mmAssert(hpIsFreeSignatureValid(pfh), "hpWalk: bad tiny free sig\n");
if (hpfParanoid) { /*
* Free blocks should be marked as HP_FREE and the following * block should be marked HP_PREVFREE and be busy. * But skip this check if the following block is 4 bytes * into a page boundary so we don't accidentally catch * the moment in HPInit where we have two adjacent * free blocks for a minute. Any real errors that this * skips will probably be caught later on. */ pnext = (struct busyheap_s *)((char *)pfh + hpSize(pfh)); if (((unsigned)pnext & PAGEMASK) != sizeof(struct freeheap_s *) && ((pfh->fh_size & HP_FREE) == 0 || (pnext->bh_size & HP_PREVFREE) == 0 || pnext->bh_signature != BH_SIGNATURE)) {
dprintf(("hpWalk: bad free block\n")); hpTrash(("trashed addr near %x or %x or %x\n",pprev, pfh, pnext)); goto error; }
/*
* Also verify that a free block is linked on the free list */ if ((pfh->fh_flink->fh_size & HP_FREE) == 0 || pfh->fh_flink->fh_blink != pfh || (pfh->fh_blink->fh_size & HP_FREE) == 0 || pfh->fh_blink->fh_flink != pfh) {
dprintf(("hpWalk: free block not in free list properly\n")); hpTrash(("trashed addr probably near %x or %x or %x\n", pfh, pfh->fh_blink, pfh->fh_flink)); goto error; } }
/*
* Busy blocks should not be marked HP_FREE and if they are * marked HP_PREVFREE the previous block better be free. */ } else if (pfh->fh_signature == BH_SIGNATURE) {
if (((struct busyheap_s *)pfh)->bh_sum != hpSum(pfh, BH_CDWSUM)) { dprintf(("hpWalk: bad busy block checksum\n")); hpTrash(("trashed addr between %x and %x\n", pfh, &((struct busyheap_s *)pfh)->bh_sum)); goto error; } mmAssert(hpIsBusySignatureValid((struct busyheap_s *)pfh), "hpWalk: bad tiny busy sig\n");
if (hpfParanoid) { if (pfh->fh_size & HP_FREE) { dprintf(("hpWalk: busy block marked free\n")); hpTrash(("trashed addr %x\n", pfh)); goto error; }
/*
* Verify that the HP_PREVFREE bit is set only when * the previous block is free, and vice versa * But skip this check if the following block is 4 bytes * into a page boundary so we don't accidentally catch * the moment in HPInit where we have two adjacent * free blocks for a minute. Any real errors that this * skips will probably be caught later on. */ if (pfh->fh_size & HP_PREVFREE) { if (pprev->fh_signature == FH_SIGNATURE) { if (*((struct freeheap_s **)pfh - 1) != pprev) { dprintf(("hpWalk: free block tail doesn't point to head\n")); hpTrash(("trashed at %x\n", (unsigned)pfh - 4)); goto error; } } else { dprintf(("HP_PREVFREE erroneously set\n")); hpTrash(("trashed at %x\n", pfh)); goto error; } } else if (pprev->fh_signature == FH_SIGNATURE && ((unsigned)pfh & PAGEMASK) != sizeof(struct freeheap_s *)) { dprintf(("hpWalk: HP_PREVFREE not set\n")); hpTrash(("trashed addr %x\n", pfh)); goto error; } } /*
* The block should have had one of these signatures! */ } else { dprintf(("hpWalk: bad block signature\n")); hpTrash(("trashed addr %x\n",pfh)); goto error; }
/*
* We are at the end of the heap blocks when we hit one with * a size of 0 (the end sentinel). */ if (hpSize(pfh) == 0) { break; }
pprev = pfh; } if ((unsigned)pfh != (unsigned)pend - sizeof(struct busyheap_s) || pfh->fh_signature != BH_SIGNATURE) { dprintf(("hpWalk: bad end sentinel\n")); hpTrash(("trashed addr between %x and %x\n", pfh, pend)); goto error; }
/*
* We are done walking this segment. If there is another one, go * on to it, otherwise, terminate the walk */ pseg = pseg->hs_psegnext; if (pseg == 0) { break; } pfh = (struct freeheap_s *)(pseg + 1); }
if (hpfParanoid) { /*
* Walk through the free list. * cbmax is the maximum size of block we should find considering * the last free list header we ran into. * cheads is the number of list heads we found. */ pprev = pfh = hheap->hi_freelist[0].fl_header.fh_flink; cbmax = hheap->hi_freelist[0].fl_cbmax; cheads = 1; pfhend = &(hheap->hi_freelist[0].fl_header); for (; pfh != pfhend; pfh = pfh->fh_flink) {
if (pfh->fh_sum != hpSum(pfh, FH_CDWSUM)) { dprintf(("hpWalk: bad free block checksum 2\n")); hpTrash(("trashed addr between %x and %x\n", pfh, &pfh->fh_sum)); goto error; } mmAssert(hpIsFreeSignatureValid(pfh), "hpWalk: bad tiny free sig 2\n");
/*
* Keep track of the list heads we find (so we know all of them * are on the list) and make sure they are in acsending order. */ if ((HHEAP)pfh >= hheap && (HHEAP)pfh < hheap + 1) { if (hpSize(pfh) != 0) { dprintf(("hpWalk: bad size of free list head\n")); hpTrash(("trashed addr near %x or %x\n", pfh, pprev)); } if (&(hheap->hi_freelist[cheads].fl_header) != pfh) { dprintf(("hpWalk: free list head out of order\n")); hpTrash(("trashed addr probably near %x or %x\n", pfh, &(hheap->hi_freelist[cheads].fl_header))); goto error; } cbmax = hheap->hi_freelist[cheads].fl_cbmax; cheads++;
/*
* Normal free heap block */ } else { /*
* Look through each segment for the block */ for (pseg = (struct heapseg_s *)hheap; pseg != 0; pseg = pseg->hs_psegnext) {
if ((unsigned)pfh > (unsigned)pseg && (unsigned)pfh < (unsigned)pseg + pseg->hs_cbreserve) {
goto addrok; /* found the address */ } }
/* If we fall out pfh isn't within any of our segments */ dprintf(("hpWalk: free list pointer points outside heap bounds\n")); hpTrash(("trashed addr probably %x\n", pprev)); goto error;
addrok: if (pfh->fh_signature != FH_SIGNATURE || hpSize(pfh) > cbmax) {
dprintf(("hpWalk: bad free block on free list\n")); hpTrash(("trashed addr probably %x or %x\n", pfh, pprev)); goto error; }
/*
* Since the free list is in sorted order, this block * should be bigger than the previous one. This check * will also pass ok for list heads since they have * size 0 and everything is bigger than that. */ if (hpSize(pprev) > hpSize(pfh)) { dprintf(("hpWalk: free list not sorted right\n")); hpTrash(("trashed addr probably %x or %x\n", pfh, pprev)); } } pprev = pfh; } if (cheads != hpFREELISTHEADS) { dprintf(("hpWalk: bad free list head count\n")); hpTrash(("trashed somewhere between %x and %x\n", hheap, pend)); goto error; } } } return(1);
error: return(0);}
/***LP hpSum - compute checksum for a block of memory
* * This routine XORs all of the DWORDs in a block together and * then XORs that value with a constant. * * ENTRY: p - pointer to block to checksum * cdw - number of dwords to sum * EXIT: computed sum */unsigned long INTERNALhpSum(unsigned long *p, unsigned long cdw){ unsigned long sum;
for (sum = 0; cdw > 0; cdw--, p++) { sum ^= *p; } return(sum ^ 0x17761965);}
#ifdef WIN32
/***LP hpGetAllocator - walk the stack to find who allocated a block
* * This routine is used by HPAlloc to figure out who owns a block of * memory that is being allocated. We determine the owner by walking * up the stack and finding the first eip that is not inside the * memory manager or inside any other module that obfuscates who * the real allocator is (such as HMGR, which all GDI allocations * go through). * * ENTRY: none * EXIT: eip of interesting caller */extern HANDLE APIENTRY LocalAllocNG(UINT dwFlags, UINT dwBytes);
ULONG INTERNALhpGetAllocator(void){ ULONG Caller = 0; _asm { mov edx,[ebp] ; (edx) = HPAlloc ebp mov eax,[edx+4] ; (eax) = HPAlloc caller
; See if HPAlloc was called directly or from LocalAlloc or HeapAlloc; or PvKernelAlloc
cmp eax,offset LocalAllocNG jb hga4 ; jump to exit if called directly cmp eax,offset LocalAllocNG + 0x300 jb hga20
hga4: cmp eax,offset HeapAlloc jb hga6 ; jump to exit if called directly cmp eax,offset HeapAlloc + 0x50 jb hga20
hga6: cmp eax,offset PvKernelAlloc jb hga8 cmp eax,offset PvKernelAlloc + 0x50 jb hga20
hga8: cmp eax,offset PvKernelAlloc0 jb hgax cmp eax,offset PvKernelAlloc + 0x50 ja hgax
; When we get here, we know HPAlloc was called by LocalAlloc or HeapAlloc; or PvKernelAlloc. See if PvKernelAlloc was called by NewObject or; PlstNew.
hga20: mov edx,[edx] ; (edx) = Local/HeapAlloc ebp mov eax,[edx+4] ; (eax) = Local/HeapAlloc caller
cmp eax,offset NewObject jb hga34 cmp eax,offset NewObject + 0x50 jb hga40
hga34: cmp eax,offset LocalAlloc jb hga36 cmp eax,offset LocalAlloc+ 0x200 jb hga40
hga36: cmp eax,offset PlstNew jb hgax cmp eax,offset PlstNew + 0x50 ja hgax
hga40: mov edx,[edx] ; (edx) = PlstNew/NewObject ebp mov eax,[edx+4] ; (eax) = PlstNew/NewObject caller
cmp eax,offset NewNsObject jb hga50 cmp eax,offset NewNsObject + 0x50 jb hga60hga50: cmp eax,offset NewPDB jb hga55 cmp eax,offset NewPDB + 0x50 jb hga60hga55: cmp eax,offset NewPevt jb hgax cmp eax,offset NewPevt + 0x50 ja hgaxhga60: mov edx,[edx] ; (edx) = NewNsObject/NewPDB/NewPevt ebp mov eax,[edx+4] ; (eax) = NewNsObject/NewPDB/NewPevt callerhgax: mov Caller, eax } return Caller;}
#ifdef HPMEASURE
#define FIRSTBLOCK(hheap) ((unsigned)(hheap + 1) + sizeof(struct busyheap_s))
/***EP HPMeasure - enable measurement of heap activity.
* * ENTRY: hheap - pointer to base of heap * pszFile - name of file to place measurement data in. * EXIT: FALSE if error (couldn't allocate buffer) */BOOL APIENTRYHPMeasure(HHEAP hheap, LPSTR pszFile){ struct measure_s *pMeasure; HANDLE hFile; BOOL bSuccess = FALSE;
if (!hpTakeSem(hheap, NULL, 0)) return FALSE;
/* Allocate the structure & ensure it is the first block in the heap! */ pMeasure = (struct measure_s *)HPAlloc(hheap, sizeof(struct measure_s), 0); if ((unsigned)pMeasure != (unsigned)FIRSTBLOCK(hheap)) { mmError(0, "HPMeasure: Must be called before first heap allocation.\n"); goto cleanup; }
/* verify the filename is valid and transfer the filename to the buffer */ hFile = CreateFile(pszFile, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); if ((long)hFile == -1) { mmError(0, "HPMeasure: The specified file is invalid.\n"); goto cleanup; } CloseHandle(hFile); lstrcpy(pMeasure->szFile, pszFile);
/* initialize the buffer variables */ pMeasure->iCur = 0;
/* set the measure flag in the heap header */ hheap->hi_flags |= HP_MEASURE;
/* Success. */ bSuccess = TRUE;
cleanup: hpClearSem(hheap, 0); return bSuccess;}
/***EP HPFlush - write out contents of sample buffer.
* * ENTRY: hheap - pointer to base of heap * EXIT: FALSE if error (couldn't write data) */BOOL APIENTRYHPFlush(HHEAP hheap){ BOOL bResult, bSuccess = FALSE; HANDLE hFile; unsigned uBytesWritten; struct measure_s *pMeasure = (struct measure_s *)FIRSTBLOCK(hheap);
if (!hpTakeSem(hheap, NULL, 0)) return FALSE;
/* open the file & seek to the end */ hFile = CreateFile(pMeasure->szFile, GENERIC_WRITE, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); if ((long)hFile == -1) { mmError(0, "HPFlush: could not open file.\n"); goto cleanup; } SetFilePointer(hFile, 0, 0, FILE_END);
/* write the data out. */ bResult = WriteFile(hFile, pMeasure->uSamples, pMeasure->iCur * sizeof(unsigned), &uBytesWritten, NULL); CloseHandle(hFile);
if (!bResult) { mmError(0, "HPFlush: could not write to file.\n"); goto cleanup; }
/* Success. */ bSuccess = TRUE;
cleanup: /* clear the buffer */ pMeasure->iCur = 0;
hpClearSem(hheap, 0); return bSuccess;}
/***LP hpMeasureItem - add item to measurement data
* * ENTRY: hheap - pointer to base of heap * uItem - piece of data to record * EXIT: FALSE if error (couldn't write buffer) */BOOL PRIVATEhpMeasureItem(HHEAP hheap, unsigned uItem){ struct measure_s *pMeasure = (struct measure_s *)FIRSTBLOCK(hheap);
/* empty buffer if it's full */ if (pMeasure->iCur == SAMPLE_CACHE_SIZE) { if (!HPFlush(hheap)) return FALSE; }
/* Add data to the list */ pMeasure->uSamples[pMeasure->iCur++] = uItem;
return TRUE;}
#endif
/* routine by DonC to help debug heap leaks */void KERNENTRYhpDump(HHEAP hheap, char *where) { struct freeheap_s *pfh; unsigned avail = 0, acnt = 0; unsigned used = 0, ucnt = 0;
/*
* Walk through all the blocks and make sure we get to the end. * The last block in the heap should be a busy guy of size 0. */ (unsigned)pfh = (unsigned)hheap + sizeof(struct heapinfo_s);
for (;; (unsigned)pfh += hpSize(pfh)) {
/*
* If the block is free... */ if (pfh->fh_signature == FH_SIGNATURE) {
avail += hpSize(pfh); acnt++;
/*
* Busy blocks should not be marked HP_FREE and if they are * marked HP_PREVFREE the previous block better be free. */ } else if (pfh->fh_signature == BH_SIGNATURE) {
used += hpSize(pfh); ucnt++;
/*
* The block should have had one of these signatures! */ } else { dprintf(("hpWalk: bad block signature\n")); hpTrash(("trashed addr %x\n",pfh)); }
/*
* We are at the end of the heap blocks when we hit one with * a size of 0 (the end sentinel). */ if (hpSize(pfh) == 0) { break; }
}
DebugOut((DEB_WARN, "%ld/%ld used, %ld/%ld avail (%s)", used, ucnt, avail, acnt, where));
}#endif
#endif /* HPDEBUG */
|
